False Positive? BAT/DelTree trojan

I am currently using NOD32 V2.7.12 RC with Blackspear's extra settings.

I came across this alert, which was likely to be a false positive (it is definitely not a rogue site), & it didn't appear all the time when accessing this web page (I tried about 6 or 7 times & got about 4 alerts).

If you look in the NOD32 Quarantine (and you're confident you are able to do so safely) you should be able to see an entry for hxxp://forums.hardwarezone.com/showthread.php?t=1457112 that you can restore to an alternate location using 'restore to' from the right click menu.

edit: just read your post - you may wish to check your IMON settings against these

If you are happy to then let me know and I'll PM you an email address and take a look at it.

Cheers

There is no entry in the Quarantine as I am using Blackspear's extra settings (the option "When a threat from the Internet is detected, Automatically deny download of file" was checked).

This problem was posted by someone & I happily replied "no problem" to him after checking the first time. Unfortunately I wasn't that lucky after the next few attempts.

Just because I don't get an alert does not make it a FP, since it could be in a linked object that is regionalised, for example a contextual ad or banner or similar, that does not get inserted into the page because of my region but gets triggered in yours... That's why I was hoping you would be able to forward it from your quarantine.

Cheers

The strange thing is now I am no longer getting this alert (I tried 7 or 8 times just now).

I'm running Version 2.70.12RC with sig 1869 (20061116). I clicked the link ie7 vs ie6 many times without any problems. I'm using Blackspear's full settings.
I'm also using BoClean as a backup. No alarm was given.

The question is whether they all are using the most current version 1689.

Macros,

I was running version of signatures: 1868 (the latest then, I have version of signatures: 1869 now) when this problem occurred (I know at least another user got this problem with the latest signatures then).